A vulnerability in the get_sos() function in jdmarker.c could cause a
heap-based buffer overflow.

Impact

A remote attacker could entice a user to open a specially crafted JPEG
file in an application linked against libjpeg-turbo, possibly resulting
in the remote execution of arbitrary code with the permissions of the
user running the application, or Denial of Service.